A computing system includes a physical server having a single instance of an operating system; and a plurality of virtual environments running on the physical server and directly supported by the single instance of the operating system. Each virtual environment responds to requests from users and appears to the users as a stand-alone server having its own instance of the operating system. Each virtual environment has a plurality of objects associated with it and supported by the operating system. Some of the objects are private and other objects are shared between multiple virtual environments. One virtual environment cannot access private objects of another virtual environment.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computing system comprising: a physical server having an instance of a main operating system (OS); a plurality of virtual environments running on the physical server and supported by the main OS, each appearing to the users as a stand-alone server; each virtual environment having its own guest OS kernel; each virtual environment permitting its root user to configure parameters of its instance of the OS kernel; each virtual environment having a plurality of private objects supported by the main OS, a plurality of public objects shared between multiple virtual environments and supported by the main OS, wherein one virtual environment cannot access private objects of another virtual environment, and wherein two processes from different virtual environments started for execution from one main OS file are isolated from each other but share at least some physical memory pages using hardware capabilities of the processor.
2. The system of claim 1, wherein each virtual environment has an independent root file system.
3. The system of claim 1, wherein each virtual environment has a file system that is invisible to other virtual environments.
4. The system of claim 1, wherein each virtual environment has a complete set of operating system processes.
5. The system of claim 1, wherein each virtual environment has a complete set of operating system files.
6. The system of claim 1, wherein each virtual environment can modify any file of its own instance of the operating system.
7. The system of claim 1, wherein none of the virtual environments have dedicated memory allocated to them.
8. The system of claim 1, wherein none of the virtual environments utilize emulated hardware.
9. The system of claim 1, wherein each object has a corresponding identifier, wherein at least some of the identifiers are the same for objects associated with different virtual environments, and wherein objects of different virtual environments are isolated from each other even when they have the same identifiers.
10. The system of claim 1, wherein resources of the operating system kernel belonging to different virtual environments are separated on a namespace level.
11. The system of claim 1, wherein resources and objects of one virtual environment are not visible to processes and objects of other virtual environments.
12. The system of claim 1, wherein the virtual environment comprises processes and files of the operating system kernel.
13. A method of operating a computing system comprising: a physical server having an instance of a main operating system (OS); a plurality of virtual environments running on the physical server and supported by the main OS, each appearing to the users as a stand-alone server; each virtual environment having its own guest OS kernel; each virtual environment permitting its root user to configure parameters of its instance of the OS kernel; each virtual environment having a plurality of private objects supported by the main OS, a plurality of public objects shared between multiple virtual environments and supported by the main OS, wherein one virtual environment cannot access private objects of another virtual environment, and wherein two processes from different virtual environments started for execution from one main OS file are isolated from each other but share at least some physical memory pages using hardware capabilities of the processor.
14. The method of claim 13, wherein each virtual environment has an independent root file system.
15. The method of claim 13, wherein each virtual environment has a file system that is invisible to other virtual environments.
16. The method of claim 13, wherein none of the virtual environments have dedicated memory allocated to them.
17. The method of claim 13, wherein none of the virtual environments utilize emulated hardware.
18. The method of claim 13, wherein each object has a corresponding identifier, wherein at least some of the identifiers are the same for objects associated with different virtual environments, and wherein objects of different virtual environments are isolated from each other even when they have the same identifiers.
19. The method of claim 13, wherein resources of the operating system kernel belonging to different virtual environments are separated on a namespace level.
20. The method of claim 13, wherein resources and objects of one virtual environment are not visible to processes and objects of other virtual environments.
21. The method of claim 13, wherein each virtual environment includes processes and files of the operating system kernel.
22. The method of claim 13, wherein each virtual environment has a complete set of operating system processes.
23. The method of claim 13, wherein each virtual environment has a complete set of operating system files.
24. The method of claim 13, wherein each virtual environment can modify any file of its own instance of the operating system.
August 8, 2008
March 27, 2012